Do NOT trust the server

20 Oct 2011

I have sometimes stumbled across the comment in privacy aware IRC channels and forums that “if you do not trust the server, change server”.
I do not agree with this, I think that it is important that you should never trust the server if you are handling sensitive information.

Always try to use protocols that protect you End-to-End to avoid the need of server trust.
Most communication protocols do not support this i.e. Jabber where all traffic is tunnelled through the server (please correct me if I am wrong), Skype (i.e. decrypting traffic for China), E-mail and so on.
There are patches and ways to avoid this though i.e PGP and OTR (weak against MitM-attacks).

If a protocol requires you to rely on a server for protection then expect that data to leak. The server provider WILL loose your password in clear text, loose logs or decrypt your messages for governments, employes, hackers or anyone else who cares to listen.

Numerous examples of companies who ask you to trust them for anonymity or security has been proven flawed. Examples are Hushmail and Hide My Ass.
The problem is that the reaction often is surprisingly small from the public and the users. If companies like these can doesn’t protect you, what role do they then serve? It is all pseudo-safety.

Server trust is a big problem with anonymous VPN providers, they live of your trust. If you do not trust them not to hand out information or log then they are useless. In this case it is hard to avoid the trust relationship (if you do not use TOR or I2P but watch out for exit node on these darknets, you have the same problem there as with the VPN providers. Use hidden services (eepsites), or TLS connections if visiting vanilla internet).

blog comments powered by Disqus